Can somebody give me some examples on why anonimity is needed in cell phones?
My pleasure. Please note, the following are all hypotheticals.
Example 1: I don't want a cell phone. I hate - no, I detest - cell phones. But my job requires me to do quite a bit of traveling. That prepaid cellphone I can pick up at Walgreens for 10 bucks and toss into my glove box gives me a little comfort when I'm on the road. If my car breaks down, I can get in touch with AAA, but I don't have to pay for some bogus monthly plan that I'll never use.
Example 2: I work for a large, multinational corporation. I've repeatedly witnessed my boss discriminating against minority coworkers by assigning the good clients to my fellow white coworkers. I want to blow the whistle, and it's going to require a bit of back-and-forth communication between me and several newspaper columnists. Unfortunately, my employer nets billions of dollars per year and could easily afford a little "internal investigation" - I don't want these calls showing up on my cell phone bill.
Example 3: I'm a battered wife who finally decided she's not going to take it anymore. I left my abusive husband and temporarily moved in with a friend he doesn't know, but my husband hired a private investigator to track me down. I'm afraid that if I get a cell phone in my name, the P.I. will be able to find the billing address and come do me harm. I'm also afraid that even if I put the cell phone in my friend's name, the P.I. could get the phone records of my associates and see who's calling them, then backtrack and find me.
Example 4: I'm a volunteer coordinator for the American Cancer Society. We've arranged a 5K walk in my city to raise money for cancer research. We're going to have 20 volunteers assigned to various "stop stations" along the route, passing out water and granola bars to the participants. If anyone runs out of supplies at their station, they need to be able to contact me at the "base camp" so that I can send more. We looked into buying 20 CB or FRS-band radios, but those were pricing at 75 to 100 bucks apiece. It would be much more cost efficient to provide each of them with a disposable cell phone, but we don't believe it's necessary to have to "register" for them.
Example 5: I'm a regular guy, just like you. I'd like a cell phone, but I'd rather not have the cell phone company knowing who I am. I don't want them sending me junk mail, I don't want them calling my home number twice a week trying to get me to upgrade my plan, and I don't want them selling my name and address to their affiliates. I just like my privacy and I'd like to have a little convenience without having to sell my soul to marketdroids in the process.
It took me about 2 minutes to come up with these examples (longer to type them out). Do you need more?
I figure is anonymity is needed once in a while one can always use a public pay phone.
Absolutely. <sarcasm>And because payphones are so profitable to the telcos, they're putting more and more of them up all over the place! They love collecting 35 cents a few times a month from people who have to make unexpected calls, instead of charging those people 35 bucks a month for a cell phone they rarely use.</sarcasm> I don't know about Switzerland, but here in the US, payphones are a dying breed. It used to be, every gas station had one outside, and every shopping mall had a bank of them near the restrooms. These days, to be honest I wouldn't know where to find a payphone if I needed one.
If you don't see any need or justification for anonymous cell phones, why do you see a need or justification for (not to mention suggest using) payphones? Tracing a cellphone to a particular location is, at least in terms of technology, just as easy as tracing a payphone to a particular location. And don't payphones provide the "bad guys" with just as much opportunity to make anonymous calls?
So I'm guessing the people that complaint are the ones who need anonimity most of the time or often at least. Why?
Why not? For the record, I'm not complaining, nor do I have or want a cell phone. I just can't see why anonymity is a negative thing.
What purpose does outlawing child pornography serve? People could just go to a country that doesn't outlaw child pornography.
I'm with elmacho, this analogy is off. Unlike cellular phones, child pornography doesn't have a legitimate, lawful use; whether purchased anonymously or otherwise.
The terrorist attack on the US was made possible thanks to box cutters. Should we outlaw the anonymous sale of box cutters - and require anyone purchasing box cutters to provide ID - just because terrorists used them? I bet terrorists have a tendency to make their purchases in cash, instead of writing personal checks. Should we outlaw cash because it can be used by terrorists to make anonymous purchases?
Here's a wake-up call to lawmakers in Switzerland and everywhere else: terrorists aren't law-abiding citizens! Terrorists don't care whether or not there's a legal way to obtain automatic weapons, C4, strong crypto, or anonymous cell phones - if they want these things, they'll get them one way or another. It's illegal to hijack airplanes, it's illegal to murder people, it's illegal to destroy someone else's property. Gee, a lot of good those laws did!
I wonder how many anonymous Swiss bank accounts are holding terrorist assets...
The link to remove posts from Google's usenet archive is here. There are a couple of stipulations in order for automatic removal to be possible. One, the "From" address on the usenet post must point to the real, unmunged email address under your control. Two, you must register and confirm a groups.google utility account from that same address (you can do so at the above link). The parent's parent's poster should be able to meet both of these qualifications.
If you find that you have a large number of posts that you need removed, I wrote a PHP script called NukePost which will remove huge batches from the Google archive at once. The script simulates a browser session and makes all the required, repetative form posts at Google's controller site for you. All you need are the Message-IDs of the offending posts. I may write a groups.google spider to retrieve those in the future.
In situations where it's obvious that you made the post but you can't qualify for automatic removal, an email to groups-support {at} google should get you taken care of. You need to include a few things in your message, details are here.
I've heard rumors that Google maintains a separate usenet archive for paying customers (i.e. governments, corporations) to browse, which does not honor the removal requests or the X-No-Archive header - though I have absolutely nothing to back that up with - so it's possible that nuking posts is a futile effort. It should keep the cheap spammers away, at least.
Not everyone is out to get you. Not everyone wants the leftover DNA from your underpants. Your Thumbprint means nothing.
As much as I wish I could believe this, I don't; depending on where you live, your thumbprint can mean a great deal and law enforcement is chomping at the bit to get it.
No, I'm not some paranoid delusional. They've tried to pass a law here where anyone who buys or sells any item at a pawn shop would be required to provide their fingerprints to the pawn shop. The fingerprints would then be turned over to the police (who, no doubt, would put them into the NCIC database). Yes, that's right; private transactions between private companies and private individuals would require fingerprints turned over to the cops. We aren't talking guns here, we're talking CD players, cubic zirconia rings, gold necklaces, all the various stuff you find in pawn shops.
The "logic" behind this proposal is that thieves often fence stolen goods at pawn shops; thus pawn shop customers often purchase stolen goods, either intentionally or unintentionally. By requiring that every pawn shop transaction be accompanied by fingerprints, stolen property and those responsible for its theft could supposedly be tracked down more easily. At the same time, the police could add to their fingerprint database of "persons of interest" - that eerily Doublespeak new category which means "they're not even a suspect but we're watching them anyway."
Well, that's a grand idea at first glance. The problem is that pawn shops have plenty of legitimate customers as well - think eBayers - who aren't doing anything wrong and do not deserve to be treated like criminals. It would be easier to track down stolen property if every transaction required you to donate a blood sample. It would be easier to track down stolen property if a law was passed requiring a Lo-Jack device in every tangible good. Hell, it would be easier to track down stolen property by forbidding anyone but the government to sell things to the public. Just because something makes crimes easier to solve, doesn't mean it's a good idea!
My point is that, at least in the USA, people are supposed to be innocent until proven guilty. We're supposed to be protected from unwarranted search and seizure. I'd certainly consider mandated fingerprints at the pawn shop to be unwarranted seizure of those fingerprints. Unfortunately there are a lot of people out there who believe that the ability to solve/prevent crime trumps all other rights. There are a lot of people who believe that outlawing guns will stop murder, or that making non-DRM-compliant computers illegal will stop piracy. You get the idea.
Wait until they ask you for a universally accepted method of identification before freaking out.
And then what? Either you provide that ID or you don't get hired? Either you provide that ID or you can't buy gas for your car to get to the job you don't have anyway? Either you provide that ID or the grocery store charges you more for food than they charge those who do provide that ID? Think fast: which one of those is already taking place? Who do you think is getting access to your purchase records from the grocery store? I'll save you the trouble, and quote from the article (emphasis mine):
The saga began with a misguided fit of patriotism mere weeks after the World Trade Center and Pentagon attacks, when a corporate employee handed over the records--almost literally, the grocery lists--to federal investigators from three agencies that had
never even requested them. In a flash, the most quotidian of exchanges became fodder for the Patriot Act.
Still not concerned about private companies having your personal data? s/grocery store/your company/g and s/grocery lists/biometric information/g if you don't see the problem. Suppose one day someone in your company's HR department decides to "fight terrorism" by donating every employee's retina scan to the FBI - that's not a problem? It's going to happen sooner than later. Believe me, I never thought I'd see the day when grocery stores tracked individuals' purchases, much less the day when the entire database was willingly handed over to the government.
Further, a lot of biometric devices (and even manual techniques like fingerprint dusting) are susceptible to forgery. Perhaps not as much as they used to be, but still plenty enough to make me nervous. As biometrics become more pervasive, what happens when the grocery store requires your thumbprint, or voiceprint, or retina scan, etc. in order to check out? Suddenly they have a copy of the very "key" that gets you into your office at work, disarms your home's security system, authenticates your bank transactions, and even puts you at the scene of a crime. Sorry, but I'll keep my thumbprint to myself.
If someone really REALLY wanted to fuck you over, they'd have done so already.
No, if someone really REALLY wants to fuck you over, you aren't going to know about it until it happens. If someone wants to try it on me, I'd prefer that they not have access to my fingerprints, my grocery bills, or anything else that's my own goddamn business.
and then people looking at the report would say, "hey, the page at wilddonkeysex links to my perfectly/valid/page and it's getting like 500 hits a day from there, woo! let's click on that url and see what the link to my page looks like!"
Actually it's even better than that. As you mentioned, many sites place their server logs online for public viewing; but take that a bit further. A lot of website stats packages will automatically turn referring URLs (and other data) into hyperlinks, to "pretty up" the stats pages. Because some search engines rank your page, in part, based upon how many other sites link to you... Well, you see where I'm going with this.
People don't have to visit the "victim" site at all, and they certainly don't have to browse the stats. The stats programs and search engine spiders will take care of everything. Got a low-ranking, poor traffic site that nobody links to? No problem, you can have 1,000 people linking to you by the end of the week, whether they know it or not. This really is nothing new, and the spamming side of it (i.e. repeatedly hammering a site) reminds me of how most TopSites work. These have been around forever, and so have the many methods of tricking them.
Placing your URL as the referer to sites with public stats can be quite helpful in boosting your rank, and a slightly hacked copy of wget or w3mir can make it an easy task. I guess the only real "news" here is that, once again, a few village idiots have failed to realize that some things are only good in moderation. There's neither a need nor an excuse to log yourself as a referer to any particular site more than once a month; and hundreds or thousands of times in a day is just plain stupid.
Alias that to a command (say, `newmac`) and all you have to do is type `newmac 00:03:AF:42:C1:6E` to change the MAC. If you're not using a variation of the FreeBSD "simple" firewall be sure to edit or remove the last line in the script.
Here is a link to relevant T3Direct threads in NANAE, sorted by reverse date. Read 'em and weep. Congratulations, Joey!! This is one hell of a precedent, even if it is over there in.au:)
SAM comes with the textbooks, and it's that simple. My college, STCC, has adopted the course.com suite of textbooks full-force. Of the two computer related classes I'm taking this semester, both of them use textbooks which are tied into course.com. Both of them require the "Student Data Files" which course.com offers, and both courses are dependent upon the files made available by course.com.
Yet for some strange reason, only one of the classes does its tests via SAM at course.com and additionally via a program called ExamView. The class in which SAM and ExamView are required is called "Intro to Microcomputers" (heh, I graduate this semester, I've gone through 4 C/C++ classes and a Java class, I just never took this class 'till now). The VB class I'm taking doesn't require either SAM or ExamView; tests in that class are given in the traditional manner, part written and part "do it on the computer and turn in the floppy."
Are students being indoctrinated into the Microsoft culture? Are students being forced to use Windows for learning, forced to use Windows for programming (all my C classes were done in either Turbo C or MS VC++), forced to use Windows for testing? Yes, absolutely. Does that bother me? Not really; I run Windows and MacOS and FreeBSD and I'm damn sure savvy enough after all this time to know which I prefer. I was more offended at the fact that SAM requires registration. In other words, course.com and God-knows-who it's associated with now knows:
My full name
My email address - required as our username
Which IT-related class(es) I'm taking
The grades I make on every test for those classes
I don't much mind the fact that the tests are being taken on Windows computers using Windows software. In fact, I prefer the SAM/ExamView tests to written tests; and SAM is actually a pretty nice package. Not only can it ask questions, it can emulate any Windows application, e.g. in my Intro class it emulates Word/Excel/Powerpoint in order to test students on whether or not they can complete the necessary tasks. It truly is a neat application and I can easily see how the college was sold on it.
What bothers me is that, in the case of SAM, the exams are taken, scored, and graded on course.com's server... Which means that course.com knows my name and my grades. There was a EULA presented when signing up for a SAM login, but it's not like I had a choice as to whether to accept or reject the license. If I want to pass the class, I have to take the tests via SAM. Which leaves me no other choice but to enter my real information and accept the EULA.
course.com knows what I'm making on my tests, and I have no idea what the fuck they're doing with that knowledge. That, and only that, is what really ticks me off; even if I am acing 'em. My grades should be between me and my college, a third party shouldn't enter into the equation.
I find it interesting that police officers can drive over the speed limit and run through red lights with their sirens on, but if Joe "gray" hat driver does the same thing, he gets a ticket or goes to jail. Give me a break dude.
On the other hand, to use several often-touted analogies, a police officer can't walk into my house at will and fill his Thermos from my coffee pot, he can't just trot into my office and start using the company's T3, and unless he has damned good reason, he'd better not be walking up to my back porch and jiggling the doorknob. Doing any of the above without a warrant or some other valid reason to make entry would quickly get him in trouble if not fired.
I know these analogies are flawed, but so is yours. A police officer (at least around here) isn't allowed to go 90mph or fly through a red light unless he's responding to an emergency call or pursuing a known felon. I don't believe anyone called up Agent Peterson and asked him to come check out their WAP on the double; it seems much more to me like he's just poking around. He's doing it under official directive, without a doubt, but that doesn't necessarily make it right.
Why is it that it's OK if Agent Peterson goes wardriving and maybe does a bit of snooping to probe a network, but if we do it, we could be sued or perhaps even branded as hackers (or terrorists, or whatever word they're using nowadays) and tossed into the clink? Why is that Agent Peterson can throw together a decent gain antenna made out of a Pringles can and look like a genius for using limited resources, but if we do that, we're frowned upon since we used a few raw materials for something other than their obvious purpose? Why is it that Agent Peterson is likely praised among his peers and the D.C. community for "protecting" government and corporate interests, yet you or I would wind up facing stiff penalties under the DMCA for using the Pringles can as a "circumvention device" to gain "unauthorized access" to this or that network, even if we had the same basic ideals (improving security) in mind?
"Because he works for the Secret Service" is not really much of an answer IMO. I can't go around murdering people I don't like, but neither can Secret Service agents; membership in the law enforcement community is not a carte blanche. If it had been a Secret Service agent who discovered and pondered publishing the flaw in HP's Tru64, would HP still have threatened with the DMCA? You're damned right they wouldn't have.
My point is that it's all perception. If ABC Corp. gets a call from the Secret Service saying "Your wireless network is insecure, I could use it to do something nefarious," the IT goober is notified; and either the network is locked down or the incompetent IT manager is fired, tout de suite. If ABC Corp. gets that same phone call from a curious layperson, ABC Corp. gets on the phone with its legal team, subpoenas the phone records, and files suit against the "terrorist hacker perpetrator."
This is wrong, and the underlying perception is one that we're going to have to work very hard to change.
Shaun
P.S. Hi USSS, are you still reading? My homepage hasn't had any hits from eop.gov lately, I feel neglected:)
How are they doing this?
The article didn't explain it for a technical perspective
My guess is that the software installs a system hook to watch Internet Explorer's message queue. When it's determined that IE has been pointed at an interesting site, the destination URL is simply rewritten and pumped back to the queue.
Think of it as a man in the middle attack at the very core of Windows (though fully supported by the API - there are plenty of legit uses for these sorts of hooks). This isn't very difficult, it's how many of the "Net Nanny" and "Spy on your Wife" programs figure out where you're browsing to and who you're talking with on AOL, and it's the same principle that Windows keyloggers have been based upon forever. You tap into the message queue, ignore anything you don't care about, and mess with anything that interests you.
The problem is that Amazon's affiliate URLs are in a fairly constant format and easy to fudge. For example, consider the following:
...replace the affiliate-id with your own, send the "Go to this URL now, please" request on to IE, and you're set.
As an aside, message queue peeking and system hooks are usually the reason why having spyware (especially multiple spyware apps) installed can slow your system down or even bork it completely. Imagine the above scenario, except with 10 different spyware programs all trying to intercept and reformat the same messages for the same program at the same time...
Then he ordered me to hold my hand out. He said, "See, it's shaking." What could I say?
Interestingly enough, this same justification was used by Shelby County Sheriff's Department deputies to detain me in the back of a squad car - in front of my own house, no less - for more than 2 hours in 1999. I stepped out for a smoke; after they noticed me, I was called down to the sidewalk where a couple of police cars had parked. They asked me to hold out my hands, then to turn them over; when I did so, the older officer asked, "Why are your hands shaking?" I replied, telling them "It's not every day there are 4 cops questioning me."
The next instruction was "Place your hands back down at your side," and when I did so, a deputy behind me promptly cuffed them and put me into the back of one of the cars. For the next 2+ hours I was questioned about an apparent explosion that had taken place nearby. I was threatened with the bringing out of bomb-sniffing dogs, and "those dogs can smell drugs too." After two hours of me being quite clear in the fact that I hadn't done anything, invitations to bring out the bomb/drug dogs, and encouraging them to get the search warrant they claimed they could get at a moment's notice, I was finally let go.
I have to wonder: do law enforcement officials honestly view shaking hands as a sign of guilt? Don't they realize that the average citizen does not come into confrontation with them on a regular basis, and is (understandably) rather shook-up when such an encounter takes place?
I'd probably be nervous if they chose me for random inspection at the airport. Not because I'm doing anything wrong, but just because it's an uncomfortable and unnerving situation. I hope nobody's been detained just because they had shaky hands or a nervous voice.
Ever since my own incident, I go out on the back porch to smoke. And I'm incredibly nervous when I see a cop car, even though I haven't done anything wrong. Such is life in America, and that was before 9/11.
>Why is it OK to use these techniques to get the spammers, but not the terrorists?
Probably because
a) Spam filtering is not yet widely a criminal matter, it's more of a civil matter (for the time being) involving property rights, trespass to chattel, etc.
b) Even if spam filtering were a criminal matter, you can bet your bottom dollar that spammers would be given a trial amongst a jury of their (supposed) peers
c) Spammers will never be subject to secret military tribunals after which they could very well be executed without a soul knowing what took place, or that they had even been detained to begin with
d) The penalty for spamming is not death, and realistically never should be, regardless of how annoying it is or whatever cynical comments are made
e) In the end, when it comes to spam filtering, it's up to the individual - not the government - to decide the "punishment" of the "offender" (which at maximum is limited to rejecting the email or perhaps complaining to the originating ISP)
f) Being labeled a spammer, or even a convicted spammer, might get one blackballed in the marketing or IT industries; whereas being labeled a terrorist will prevent one from finding work just about anywhere or getting fired from their current job, even if they're found not guilty, or even if they're not tried for any crime at all (see: Richard Jewell, Steven J. Hatfill, Sami Al-Arian)
Sure pre-fab characters are okay... if they are beginner characters. But looking at the UO page, the pre-fab characters aren't beginners - they have stats in the 80s... it takes weeks to get to that level through normal play.
When I sold off my accounts in May, it was possible to get a brand new character to 80 Magery/80 Meditation/80 Eval Int in less than 5 days. A GM Miner/Smith with Tinkering in the 90s if not GM took a week to make. And that's taking into account the time I spent playing all the other characters. Granted, I wouldn't have fallen into the category of "normal play" - I played at least 8 hours a day, sometimes closer to 16 hours - but that time was spread among 3 shards and probably 15 different characters. In any case, a character at 80 isn't really too much of a gimme, but along with other changes implemented over the past couple of years it's clear that they're catering to newer players.
Community. It is UOs primary strength. Any policy which destroys the community, destroys the game. Pre-fab characters will only encourage an 'easy comes, easy goes' attitude to people's characters. They won't have any attachment to them nor care about the consequences of their actions. Basically, it encourages anti-social behaviour online which will destroy the community.
That happened long ago. I'm not going to launch into a huge Trammel flame, since I spent most of my time there post-Renaissance, but IMO the community started going downhill at about the point when newly created characters started out with 1000 gold instead of 100. It was a half-fix to an obvious problem (inflation due to months of rampant duping).
If I had to come up with a single root cause for my leaving UO, it would be that the economy was fucked up beyond repair. That took a lot of the community down with it. It's tough to be nice to the 20 other people in the reagent shop competing for resources, or the group of folks hoarding those resources and selling them at 10x markup on their vendors. It's hard to be nice to the guy who follows you around a dungeon kill-stealing because he has to save up 6 million gold for a small wooden house in the middle of nowhere.
Contrary to what I'd see daily on the UO boards, I never ran into many "grief players" who were out to ruin others' gameplay for the sake of doing it. Most of the problems I ran into were with folks who wanted gold, or real money from eBay. The aforementioned reagent hoarding and kill-stealing, as well as looting, spawn camping, tamers with 3 dragons in tow, rogue bards hogging an entire dungeon, exploiting, account hacks, and just about everything else annoying was being done for in-game or real life financial gain.
Money is the root of all evil, and in UO, it shows. Seems rather ironic that money, or EA/OSI's need for it, is causing this "divide" in the community. I'm glad I managed to permanently break the addiction, else I'd probably have wasted 6 hours on the boards today. Now if I can just get rid of the slight DT's induced by this article:)
This about sums it up from my experience as well. I've installed Apache 2.0 on precisely one server: a development box dualbooting Windows and FreeBSD. 2.0 runs just fine, and aside from a few early PHP issues, I haven't had any problem with it. But my opinion - which, I think, is fairly common - is "why bother?"
I've installed Apache 1.3x on numerous machines over the past few years. All of the webhosting companies I've worked with still run 1.3.23 or 1.3.26. I know the process of installing Apache 1.3.x with PHP and MySQL ("LAMP" or "FAMP" servers) like the back of my hand. I've written shell scripts to do it for me. As long as the tried-and-true Apache keeps running, and is still being actively bugfixed, I see no reason to switch production servers to Apache 2.0.
"Why fix what ain't broken" is a damn good way to sum it up, IMO. This is coming from a guy who's perfectly happy running MacOS 8.6.1 on his G4, and WinME on his Windows boxes. There's no sense upgrading if everything's working fine now. Along the same train of thought, why take the time to learn the new configuration/installation options for Apache 2.0x, not to mention updating scripts or doing the actual installs, when 1.3.26 works just as well as it ever has? The benefits of 2.0x simply haven't won me over yet.
At the same time though a lot of the anti-cellphone rage just seems to be redirected anger: People just simply can't stand each other nowadays, and cell phones give us an easy target.
I think it's more the former than the latter; that is, the anti-cellphone rage winds up being redirected upon polite cellphone users. I doubt that the guy on the train was redirecting his job-related or marital stress in your general direction; instead, it's more likely that he was upset because he's become accustomed to cellphone users being rude. It's a simple case of perspective, the actions of the obnoxious "majority" reflect upon the entire class.
I was sitting in class today and a woman's cell phone went off. It wasn't too annoying at first. Then she pulled her purse out of her backpack, and it got louder. Then she pulled the phone out of her purse, and it might as well have been a goddamn fire alarm. All in all, it took 30 seconds or so for her to turn it off, and it completely interrupted everyone's train of thought. When I see someone on a cellphone, this is the type of experience that immediately comes to mind - not the guy who I didn't even notice because he was speaking softly into his phone as I passed him on the walkway.
Think of SUVs, a good example since they've already been mentioned once in this thread. SUVs seem to carry similar connotations. Many people, myself included, see someone driving an SUV and often think "road hogging, gas guzzling, polluting idiot!" Of course that's not true in all cases. My dad's been driving an Explorer since '96 or so. He's never had a wreck in his life, he's never even had so much as a speeding ticket; he's a very safe and astute driver. Perhaps "gas guzzling" and "polluting" still apply, but he's not a road hog and he's no idiot. Yet I'm sure there are plenty of people who think that when they see him driving down the road.
It's just a stereotype. People have come to associate cellphones with rude, inconsiderate behavior (and for a good reason). They salivate when the bell rings, you can't expect anything else.
Create a website with logins for the users. Users of this web site can create lists of checksum for the files they create or have downloaded and verified as valid.
Other users can check any given user's list, and perhaps even post comments about the user's list, a form of moderation, if you will.
Fortunately, someone's already done all the work. Such a system already exists; head on over to Bitzi and check it out.
Bitzi is based on checksumming. After you download a file, you run it through the Bitcollider app to generate a unique checksum which is automatically uploaded to the Bitzi site. Meta-information like ID3 tags, etc. is also extracted from the file if present, and all of this data is combined to create what's known as a "Bitzi ticket." You can vote for the (in)validity of a particular file, and you can also leave comments about a particular file for other users. A ticket can be created for any file, not just MP3s; there are already lots of pornos with Bitzi tickets:)
The eventual goal is that, before you take the time to download a file, you'll be able to look up its Bitzi ticket and determine whether or not it's what you're really looking for. If 10 people have already indicated that the file is bogus, corrupted, incomplete, etc. you'll be able to safely skip it without wasting time or bandwidth. In order for this to happen on a broad scale, Bitzi needs more users. It's totally a volunteer community effort; someone has to be the first person to run each file through the Bitcollider and generate the initial ticket. Please visit the Bitzi site, register (I can vouch for the fact that it's possible to register with an @example.com address and still access the site just fine), then run all your shared and/or downloaded files through Bitcollider. The more files that get into the Bitzi system, the better; this includes "bad" files, and in fact ticketing "bad" files is probably more useful than ticketing "good" files.
Several popular P2P filesharing clients, including BearShare and eDonkey2K, already have built in support for Bitzi tickets. I hope others will follow suit.
It's called Amp and comes in an 8.5 ounce can (seems to be the standard for energy drinks). Tastes like a combination of Dew and Smarties candy. It's not worth the $2/can, though; I've tried it a couple of times and it didn't give me a noticeable boost.
I agree with you that some of the more abusive clients are getting out of control. I don't agree with blocking them outright, though. Gnutella is where it is because it's an open network and an open protocol; I think we have to leave it that way if we expect any future genius to appear on the network. Closing things up and locking the doors, these aren't the appropriate solutions IMO.
I think filtering of abusive apps should be done on the client side of the servent equation. The biggest problems I've seen lately don't involve Xolox specifically, but users of varying servents. People who queue up hundreds of different files to download at a time. People using programs which ignore "Not Shared" or "Refused" replies, and continue to pound my box looking for files that don't exist.
I was out of town for a few days last week (all computers turned off, except for my router box). When I came back, I fired up my Gnutella program. Without even connecting to the network, I was immediately serving uploads. That means that someone was trying to download from me for three full days while a) the files were not shared, b) Gnutella wasn't running, and c) the freaking computer wasn't even turned on! Come on, servent authors: pay some attention when you get "Refused" or "Not Shared" responses. Drop such files from the queue after 2 or 3 failed tries, don't leave them sitting there for eternity.
I want a setting that says "drop all packets from hosts who request a no-longer-shared file." I want a setting that says "drop all packets from hosts who attempt to download while the program is running but not connected to the network." I want a setting that says "drop all packets from hosts who send download requests more than $TIMES per minute." My per-user upload limit is set at 1, so someone queueing up 200 files at a time generates an enormous amount of protocol overhead. It might be 5 hours before that user gets all of his 200 files, all the while he's sending a constant barrage of packets which accomplish nothing.
Gnutella is an open network. Yes, we do need to do something about read-only clients, but I think it should be up to the people to decide what gets done. Provide the users with the appropriate filters and let the majority determine what behavior is good vs. bad.
The story as I understand it is that Rodentia was hired by Mark Rice to spam for certain stocks. When Rice wrote the spam text, he bragged about his (bogus) surefire history at picking stocks, and made other possibly false claims about the stocks and his investment prowess. In addition, the spam did not disclose the fact that the people doing this "promotion" stood to profit based upon reaction to the spam. There are a few standard disclaimers required by law, which you'll find at the bottom of legitimate analyses released by legitimate banks and investment firms. Forward-looking statements, yadda yadda.
The whole thing is known as a "pump 'n dump" scam; i.e. you buy a lot of shares in the company, pump up the stock price through some fraudulent or misrepresentative means, then dump the shares for a profit. It can also be done in reverse, by shorting a large number of shares and then issuing a bogus negative press release to drive the stock price down - look at what a single negative press release did to shares of ImClone, the company Martha Stewart got caught up in, and you'll get a feel for what a single statement can do to a stock (though obviously the ImClone release was valid). Typically the perpetrator will target a company you've never heard of, whose stock is trading OTC for fractions of a cent per share; that way the up-front cost is low and the risk is negligible if anything backfires.
It's very illegal, and this is what the SEC is going after them for. While the phenomenon was much more widespread during the dot com stock boom, it's still going on today and likely always will be. If you receive "pump 'n dump" spam, please forward it to enforcement [at] sec.gov.
>Requires an administrator to restart it? Do they mean it basically crashes >and has to be rebooted?
Probably, yes. I don't know what exactly Mullen is doing, but I suspect it's similar to one of the "return fire" solutions I've implemented:
HTTP requests for default.ida (of Code Red fame) are redirected to a PHP script via Apache rewrite directives. That script pulls the REMOTE_ADDR environmental variable, which contains the IP address of the infected machine, then sends two requests back to that host:
http://$host/scripts/root.exe?/c+iisreset+/stop http://$host/scripts/root.exe?/c+rundll32.exe+she l l32.dll,SHExitWindowsEx+5
If you're so inclined, you could use root.exe to do something more conspicuous in the hopes of alerting the user to the problem. For example, instead of shutting down the remote machine, you could create some directories named @ATTENTION_ADMINISTRATOR and @YOUR_COMPUTER_IS_INFECTED_WITH_A_VIRUS in the C drive. That's bound to get someone's attention eventually.
Slashdot Mirror
...Heidi Wall.
:)
Sorry, Larry
Example 1: I don't want a cell phone. I hate - no, I detest - cell phones. But my job requires me to do quite a bit of traveling. That prepaid cellphone I can pick up at Walgreens for 10 bucks and toss into my glove box gives me a little comfort when I'm on the road. If my car breaks down, I can get in touch with AAA, but I don't have to pay for some bogus monthly plan that I'll never use.
Example 2: I work for a large, multinational corporation. I've repeatedly witnessed my boss discriminating against minority coworkers by assigning the good clients to my fellow white coworkers. I want to blow the whistle, and it's going to require a bit of back-and-forth communication between me and several newspaper columnists. Unfortunately, my employer nets billions of dollars per year and could easily afford a little "internal investigation" - I don't want these calls showing up on my cell phone bill.
Example 3: I'm a battered wife who finally decided she's not going to take it anymore. I left my abusive husband and temporarily moved in with a friend he doesn't know, but my husband hired a private investigator to track me down. I'm afraid that if I get a cell phone in my name, the P.I. will be able to find the billing address and come do me harm. I'm also afraid that even if I put the cell phone in my friend's name, the P.I. could get the phone records of my associates and see who's calling them, then backtrack and find me.
Example 4: I'm a volunteer coordinator for the American Cancer Society. We've arranged a 5K walk in my city to raise money for cancer research. We're going to have 20 volunteers assigned to various "stop stations" along the route, passing out water and granola bars to the participants. If anyone runs out of supplies at their station, they need to be able to contact me at the "base camp" so that I can send more. We looked into buying 20 CB or FRS-band radios, but those were pricing at 75 to 100 bucks apiece. It would be much more cost efficient to provide each of them with a disposable cell phone, but we don't believe it's necessary to have to "register" for them.
Example 5: I'm a regular guy, just like you. I'd like a cell phone, but I'd rather not have the cell phone company knowing who I am. I don't want them sending me junk mail, I don't want them calling my home number twice a week trying to get me to upgrade my plan, and I don't want them selling my name and address to their affiliates. I just like my privacy and I'd like to have a little convenience without having to sell my soul to marketdroids in the process.
It took me about 2 minutes to come up with these examples (longer to type them out). Do you need more?Absolutely. <sarcasm>And because payphones are so profitable to the telcos, they're putting more and more of them up all over the place! They love collecting 35 cents a few times a month from people who have to make unexpected calls, instead of charging those people 35 bucks a month for a cell phone they rarely use.</sarcasm> I don't know about Switzerland, but here in the US, payphones are a dying breed. It used to be, every gas station had one outside, and every shopping mall had a bank of them near the restrooms. These days, to be honest I wouldn't know where to find a payphone if I needed one.
If you don't see any need or justification for anonymous cell phones, why do you see a need or justification for (not to mention suggest using) payphones? Tracing a cellphone to a particular location is, at least in terms of technology, just as easy as tracing a payphone to a particular location. And don't payphones provide the "bad guys" with just as much opportunity to make anonymous calls?Why not? For the record, I'm not complaining, nor do I have or want a cell phone. I just can't see why anonymity is a negative thing.
The terrorist attack on the US was made possible thanks to box cutters. Should we outlaw the anonymous sale of box cutters - and require anyone purchasing box cutters to provide ID - just because terrorists used them? I bet terrorists have a tendency to make their purchases in cash, instead of writing personal checks. Should we outlaw cash because it can be used by terrorists to make anonymous purchases?
Here's a wake-up call to lawmakers in Switzerland and everywhere else: terrorists aren't law-abiding citizens! Terrorists don't care whether or not there's a legal way to obtain automatic weapons, C4, strong crypto, or anonymous cell phones - if they want these things, they'll get them one way or another. It's illegal to hijack airplanes, it's illegal to murder people, it's illegal to destroy someone else's property. Gee, a lot of good those laws did!
I wonder how many anonymous Swiss bank accounts are holding terrorist assets...
The link to remove posts from Google's usenet archive is here. There are a couple of stipulations in order for automatic removal to be possible. One, the "From" address on the usenet post must point to the real, unmunged email address under your control. Two, you must register and confirm a groups.google utility account from that same address (you can do so at the above link). The parent's parent's poster should be able to meet both of these qualifications.
If you find that you have a large number of posts that you need removed, I wrote a PHP script called NukePost which will remove huge batches from the Google archive at once. The script simulates a browser session and makes all the required, repetative form posts at Google's controller site for you. All you need are the Message-IDs of the offending posts. I may write a groups.google spider to retrieve those in the future.
In situations where it's obvious that you made the post but you can't qualify for automatic removal, an email to groups-support {at} google should get you taken care of. You need to include a few things in your message, details are here.
I've heard rumors that Google maintains a separate usenet archive for paying customers (i.e. governments, corporations) to browse, which does not honor the removal requests or the X-No-Archive header - though I have absolutely nothing to back that up with - so it's possible that nuking posts is a futile effort. It should keep the cheap spammers away, at least.
Shaun
PHPLabs Supersite
Good question. I say we should petition to have it added to Form 1040:To hell with the Campaign Fund, put my tax dollars to good use!
-s
Shaun
No, I'm not some paranoid delusional. They've tried to pass a law here where anyone who buys or sells any item at a pawn shop would be required to provide their fingerprints to the pawn shop. The fingerprints would then be turned over to the police (who, no doubt, would put them into the NCIC database). Yes, that's right; private transactions between private companies and private individuals would require fingerprints turned over to the cops. We aren't talking guns here, we're talking CD players, cubic zirconia rings, gold necklaces, all the various stuff you find in pawn shops.
The "logic" behind this proposal is that thieves often fence stolen goods at pawn shops; thus pawn shop customers often purchase stolen goods, either intentionally or unintentionally. By requiring that every pawn shop transaction be accompanied by fingerprints, stolen property and those responsible for its theft could supposedly be tracked down more easily. At the same time, the police could add to their fingerprint database of "persons of interest" - that eerily Doublespeak new category which means "they're not even a suspect but we're watching them anyway."
Well, that's a grand idea at first glance. The problem is that pawn shops have plenty of legitimate customers as well - think eBayers - who aren't doing anything wrong and do not deserve to be treated like criminals. It would be easier to track down stolen property if every transaction required you to donate a blood sample. It would be easier to track down stolen property if a law was passed requiring a Lo-Jack device in every tangible good. Hell, it would be easier to track down stolen property by forbidding anyone but the government to sell things to the public. Just because something makes crimes easier to solve, doesn't mean it's a good idea!
My point is that, at least in the USA, people are supposed to be innocent until proven guilty. We're supposed to be protected from unwarranted search and seizure. I'd certainly consider mandated fingerprints at the pawn shop to be unwarranted seizure of those fingerprints. Unfortunately there are a lot of people out there who believe that the ability to solve/prevent crime trumps all other rights. There are a lot of people who believe that outlawing guns will stop murder, or that making non-DRM-compliant computers illegal will stop piracy. You get the idea.
And then what? Either you provide that ID or you don't get hired? Either you provide that ID or you can't buy gas for your car to get to the job you don't have anyway? Either you provide that ID or the grocery store charges you more for food than they charge those who do provide that ID? Think fast: which one of those is already taking place? Who do you think is getting access to your purchase records from the grocery store? I'll save you the trouble, and quote from the article (emphasis mine):
Still not concerned about private companies having your personal data? s/grocery store/your company/g and s/grocery lists/biometric information/g if you don't see the problem. Suppose one day someone in your company's HR department decides to "fight terrorism" by donating every employee's retina scan to the FBI - that's not a problem? It's going to happen sooner than later. Believe me, I never thought I'd see the day when grocery stores tracked individuals' purchases, much less the day when the entire database was willingly handed over to the government.
Further, a lot of biometric devices (and even manual techniques like fingerprint dusting) are susceptible to forgery. Perhaps not as much as they used to be, but still plenty enough to make me nervous. As biometrics become more pervasive, what happens when the grocery store requires your thumbprint, or voiceprint, or retina scan, etc. in order to check out? Suddenly they have a copy of the very "key" that gets you into your office at work, disarms your home's security system, authenticates your bank transactions, and even puts you at the scene of a crime. Sorry, but I'll keep my thumbprint to myself.
No, if someone really REALLY wants to fuck you over, you aren't going to know about it until it happens. If someone wants to try it on me, I'd prefer that they not have access to my fingerprints, my grocery bills, or anything else that's my own goddamn business.
Shaun
People don't have to visit the "victim" site at all, and they certainly don't have to browse the stats. The stats programs and search engine spiders will take care of everything. Got a low-ranking, poor traffic site that nobody links to? No problem, you can have 1,000 people linking to you by the end of the week, whether they know it or not. This really is nothing new, and the spamming side of it (i.e. repeatedly hammering a site) reminds me of how most TopSites work. These have been around forever, and so have the many methods of tricking them.
Placing your URL as the referer to sites with public stats can be quite helpful in boosting your rank, and a slightly hacked copy of wget or w3mir can make it an easy task. I guess the only real "news" here is that, once again, a few village idiots have failed to realize that some things are only good in moderation. There's neither a need nor an excuse to log yourself as a referer to any particular site more than once a month; and hundreds or thousands of times in a day is just plain stupid.
Shaun
ifconfig dc0 lladdr 00:03:AF:42:C1:6E
You should cycle the interface or else you'll probably lose any existing connection. Here's a shell script I use for that purpose:Alias that to a command (say, `newmac`) and all you have to do is type `newmac 00:03:AF:42:C1:6E` to change the MAC. If you're not using a variation of the FreeBSD "simple" firewall be sure to edit or remove the last line in the script.
Shaun
Here is a link to relevant T3Direct threads in NANAE, sorted by reverse date. Read 'em and weep. Congratulations, Joey!! This is one hell of a precedent, even if it is over there in .au :)
Shaun
Yet for some strange reason, only one of the classes does its tests via SAM at course.com and additionally via a program called ExamView. The class in which SAM and ExamView are required is called "Intro to Microcomputers" (heh, I graduate this semester, I've gone through 4 C/C++ classes and a Java class, I just never took this class 'till now). The VB class I'm taking doesn't require either SAM or ExamView; tests in that class are given in the traditional manner, part written and part "do it on the computer and turn in the floppy."
Are students being indoctrinated into the Microsoft culture? Are students being forced to use Windows for learning, forced to use Windows for programming (all my C classes were done in either Turbo C or MS VC++), forced to use Windows for testing? Yes, absolutely. Does that bother me? Not really; I run Windows and MacOS and FreeBSD and I'm damn sure savvy enough after all this time to know which I prefer. I was more offended at the fact that SAM requires registration. In other words, course.com and God-knows-who it's associated with now knows:
- My full name
- My email address - required as our username
- Which IT-related class(es) I'm taking
- The grades I make on every test for those classes
I don't much mind the fact that the tests are being taken on Windows computers using Windows software. In fact, I prefer the SAM/ExamView tests to written tests; and SAM is actually a pretty nice package. Not only can it ask questions, it can emulate any Windows application, e.g. in my Intro class it emulates Word/Excel/Powerpoint in order to test students on whether or not they can complete the necessary tasks. It truly is a neat application and I can easily see how the college was sold on it.What bothers me is that, in the case of SAM, the exams are taken, scored, and graded on course.com's server... Which means that course.com knows my name and my grades. There was a EULA presented when signing up for a SAM login, but it's not like I had a choice as to whether to accept or reject the license. If I want to pass the class, I have to take the tests via SAM. Which leaves me no other choice but to enter my real information and accept the EULA.
course.com knows what I'm making on my tests, and I have no idea what the fuck they're doing with that knowledge. That, and only that, is what really ticks me off; even if I am acing 'em. My grades should be between me and my college, a third party shouldn't enter into the equation.
Shaun
I know these analogies are flawed, but so is yours. A police officer (at least around here) isn't allowed to go 90mph or fly through a red light unless he's responding to an emergency call or pursuing a known felon. I don't believe anyone called up Agent Peterson and asked him to come check out their WAP on the double; it seems much more to me like he's just poking around. He's doing it under official directive, without a doubt, but that doesn't necessarily make it right.
Why is it that it's OK if Agent Peterson goes wardriving and maybe does a bit of snooping to probe a network, but if we do it, we could be sued or perhaps even branded as hackers (or terrorists, or whatever word they're using nowadays) and tossed into the clink? Why is that Agent Peterson can throw together a decent gain antenna made out of a Pringles can and look like a genius for using limited resources, but if we do that, we're frowned upon since we used a few raw materials for something other than their obvious purpose? Why is it that Agent Peterson is likely praised among his peers and the D.C. community for "protecting" government and corporate interests, yet you or I would wind up facing stiff penalties under the DMCA for using the Pringles can as a "circumvention device" to gain "unauthorized access" to this or that network, even if we had the same basic ideals (improving security) in mind?
"Because he works for the Secret Service" is not really much of an answer IMO. I can't go around murdering people I don't like, but neither can Secret Service agents; membership in the law enforcement community is not a carte blanche. If it had been a Secret Service agent who discovered and pondered publishing the flaw in HP's Tru64, would HP still have threatened with the DMCA? You're damned right they wouldn't have.
My point is that it's all perception. If ABC Corp. gets a call from the Secret Service saying "Your wireless network is insecure, I could use it to do something nefarious," the IT goober is notified; and either the network is locked down or the incompetent IT manager is fired, tout de suite. If ABC Corp. gets that same phone call from a curious layperson, ABC Corp. gets on the phone with its legal team, subpoenas the phone records, and files suit against the "terrorist hacker perpetrator."
This is wrong, and the underlying perception is one that we're going to have to work very hard to change.
Shaun
P.S. Hi USSS, are you still reading? My homepage hasn't had any hits from eop.gov lately, I feel neglected
Think of it as a man in the middle attack at the very core of Windows (though fully supported by the API - there are plenty of legit uses for these sorts of hooks). This isn't very difficult, it's how many of the "Net Nanny" and "Spy on your Wife" programs figure out where you're browsing to and who you're talking with on AOL, and it's the same principle that Windows keyloggers have been based upon forever. You tap into the message queue, ignore anything you don't care about, and mess with anything that interests you.
The problem is that Amazon's affiliate URLs are in a fairly constant format and easy to fudge. For example, consider the following:It would be very easy to catch such URLs, because they're always in the same format:...replace the affiliate-id with your own, send the "Go to this URL now, please" request on to IE, and you're set.
As an aside, message queue peeking and system hooks are usually the reason why having spyware (especially multiple spyware apps) installed can slow your system down or even bork it completely. Imagine the above scenario, except with 10 different spyware programs all trying to intercept and reformat the same messages for the same program at the same time...
Shaun
The next instruction was "Place your hands back down at your side," and when I did so, a deputy behind me promptly cuffed them and put me into the back of one of the cars. For the next 2+ hours I was questioned about an apparent explosion that had taken place nearby. I was threatened with the bringing out of bomb-sniffing dogs, and "those dogs can smell drugs too." After two hours of me being quite clear in the fact that I hadn't done anything, invitations to bring out the bomb/drug dogs, and encouraging them to get the search warrant they claimed they could get at a moment's notice, I was finally let go.
I have to wonder: do law enforcement officials honestly view shaking hands as a sign of guilt? Don't they realize that the average citizen does not come into confrontation with them on a regular basis, and is (understandably) rather shook-up when such an encounter takes place?
I'd probably be nervous if they chose me for random inspection at the airport. Not because I'm doing anything wrong, but just because it's an uncomfortable and unnerving situation. I hope nobody's been detained just because they had shaky hands or a nervous voice.
Ever since my own incident, I go out on the back porch to smoke. And I'm incredibly nervous when I see a cop car, even though I haven't done anything wrong. Such is life in America, and that was before 9/11.
Shaun
>Why is it OK to use these techniques to get the spammers, but not the terrorists?
Probably because
a) Spam filtering is not yet widely a criminal matter, it's more of a civil matter (for the time being) involving property rights, trespass to chattel, etc.
b) Even if spam filtering were a criminal matter, you can bet your bottom dollar that spammers would be given a trial amongst a jury of their (supposed) peers
c) Spammers will never be subject to secret military tribunals after which they could very well be executed without a soul knowing what took place, or that they had even been detained to begin with
d) The penalty for spamming is not death, and realistically never should be, regardless of how annoying it is or whatever cynical comments are made
e) In the end, when it comes to spam filtering, it's up to the individual - not the government - to decide the "punishment" of the "offender" (which at maximum is limited to rejecting the email or perhaps complaining to the originating ISP)
f) Being labeled a spammer, or even a convicted spammer, might get one blackballed in the marketing or IT industries; whereas being labeled a terrorist will prevent one from finding work just about anywhere or getting fired from their current job, even if they're found not guilty, or even if they're not tried for any crime at all (see: Richard Jewell, Steven J. Hatfill, Sami Al-Arian)
That's enough reasons for me.
Shaun
That happened long ago. I'm not going to launch into a huge Trammel flame, since I spent most of my time there post-Renaissance, but IMO the community started going downhill at about the point when newly created characters started out with 1000 gold instead of 100. It was a half-fix to an obvious problem (inflation due to months of rampant duping).
If I had to come up with a single root cause for my leaving UO, it would be that the economy was fucked up beyond repair. That took a lot of the community down with it. It's tough to be nice to the 20 other people in the reagent shop competing for resources, or the group of folks hoarding those resources and selling them at 10x markup on their vendors. It's hard to be nice to the guy who follows you around a dungeon kill-stealing because he has to save up 6 million gold for a small wooden house in the middle of nowhere.
Contrary to what I'd see daily on the UO boards, I never ran into many "grief players" who were out to ruin others' gameplay for the sake of doing it. Most of the problems I ran into were with folks who wanted gold, or real money from eBay. The aforementioned reagent hoarding and kill-stealing, as well as looting, spawn camping, tamers with 3 dragons in tow, rogue bards hogging an entire dungeon, exploiting, account hacks, and just about everything else annoying was being done for in-game or real life financial gain.
Money is the root of all evil, and in UO, it shows. Seems rather ironic that money, or EA/OSI's need for it, is causing this "divide" in the community. I'm glad I managed to permanently break the addiction, else I'd probably have wasted 6 hours on the boards today. Now if I can just get rid of the slight DT's induced by this article
Shaun, aka
Frigax
Lake Superior
Shaun
This about sums it up from my experience as well. I've installed Apache 2.0 on precisely one server: a development box dualbooting Windows and FreeBSD. 2.0 runs just fine, and aside from a few early PHP issues, I haven't had any problem with it. But my opinion - which, I think, is fairly common - is "why bother?"
I've installed Apache 1.3x on numerous machines over the past few years. All of the webhosting companies I've worked with still run 1.3.23 or 1.3.26. I know the process of installing Apache 1.3.x with PHP and MySQL ("LAMP" or "FAMP" servers) like the back of my hand. I've written shell scripts to do it for me. As long as the tried-and-true Apache keeps running, and is still being actively bugfixed, I see no reason to switch production servers to Apache 2.0.
"Why fix what ain't broken" is a damn good way to sum it up, IMO. This is coming from a guy who's perfectly happy running MacOS 8.6.1 on his G4, and WinME on his Windows boxes. There's no sense upgrading if everything's working fine now. Along the same train of thought, why take the time to learn the new configuration/installation options for Apache 2.0x, not to mention updating scripts or doing the actual installs, when 1.3.26 works just as well as it ever has? The benefits of 2.0x simply haven't won me over yet.
Someday, but not yet.
Shaun
I was sitting in class today and a woman's cell phone went off. It wasn't too annoying at first. Then she pulled her purse out of her backpack, and it got louder. Then she pulled the phone out of her purse, and it might as well have been a goddamn fire alarm. All in all, it took 30 seconds or so for her to turn it off, and it completely interrupted everyone's train of thought. When I see someone on a cellphone, this is the type of experience that immediately comes to mind - not the guy who I didn't even notice because he was speaking softly into his phone as I passed him on the walkway.
Think of SUVs, a good example since they've already been mentioned once in this thread. SUVs seem to carry similar connotations. Many people, myself included, see someone driving an SUV and often think "road hogging, gas guzzling, polluting idiot!" Of course that's not true in all cases. My dad's been driving an Explorer since '96 or so. He's never had a wreck in his life, he's never even had so much as a speeding ticket; he's a very safe and astute driver. Perhaps "gas guzzling" and "polluting" still apply, but he's not a road hog and he's no idiot. Yet I'm sure there are plenty of people who think that when they see him driving down the road.
It's just a stereotype. People have come to associate cellphones with rude, inconsiderate behavior (and for a good reason). They salivate when the bell rings, you can't expect anything else.
Shaun
Bitzi is based on checksumming. After you download a file, you run it through the Bitcollider app to generate a unique checksum which is automatically uploaded to the Bitzi site. Meta-information like ID3 tags, etc. is also extracted from the file if present, and all of this data is combined to create what's known as a "Bitzi ticket." You can vote for the (in)validity of a particular file, and you can also leave comments about a particular file for other users. A ticket can be created for any file, not just MP3s; there are already lots of pornos with Bitzi tickets
The eventual goal is that, before you take the time to download a file, you'll be able to look up its Bitzi ticket and determine whether or not it's what you're really looking for. If 10 people have already indicated that the file is bogus, corrupted, incomplete, etc. you'll be able to safely skip it without wasting time or bandwidth. In order for this to happen on a broad scale, Bitzi needs more users. It's totally a volunteer community effort; someone has to be the first person to run each file through the Bitcollider and generate the initial ticket. Please visit the Bitzi site, register (I can vouch for the fact that it's possible to register with an @example.com address and still access the site just fine), then run all your shared and/or downloaded files through Bitcollider. The more files that get into the Bitzi system, the better; this includes "bad" files, and in fact ticketing "bad" files is probably more useful than ticketing "good" files.
Several popular P2P filesharing clients, including BearShare and eDonkey2K, already have built in support for Bitzi tickets. I hope others will follow suit.
Shaun
It's called Amp and comes in an 8.5 ounce can (seems to be the standard for energy drinks). Tastes like a combination of Dew and Smarties candy. It's not worth the $2/can, though; I've tried it a couple of times and it didn't give me a noticeable boost.
Shaun
I agree with you that some of the more abusive clients are getting out of control. I don't agree with blocking them outright, though. Gnutella is where it is because it's an open network and an open protocol; I think we have to leave it that way if we expect any future genius to appear on the network. Closing things up and locking the doors, these aren't the appropriate solutions IMO.
I think filtering of abusive apps should be done on the client side of the servent equation. The biggest problems I've seen lately don't involve Xolox specifically, but users of varying servents. People who queue up hundreds of different files to download at a time. People using programs which ignore "Not Shared" or "Refused" replies, and continue to pound my box looking for files that don't exist.
I was out of town for a few days last week (all computers turned off, except for my router box). When I came back, I fired up my Gnutella program. Without even connecting to the network, I was immediately serving uploads. That means that someone was trying to download from me for three full days while a) the files were not shared, b) Gnutella wasn't running, and c) the freaking computer wasn't even turned on! Come on, servent authors: pay some attention when you get "Refused" or "Not Shared" responses. Drop such files from the queue after 2 or 3 failed tries, don't leave them sitting there for eternity.
I want a setting that says "drop all packets from hosts who request a no-longer-shared file." I want a setting that says "drop all packets from hosts who attempt to download while the program is running but not connected to the network." I want a setting that says "drop all packets from hosts who send download requests more than $TIMES per minute." My per-user upload limit is set at 1, so someone queueing up 200 files at a time generates an enormous amount of protocol overhead. It might be 5 hours before that user gets all of his 200 files, all the while he's sending a constant barrage of packets which accomplish nothing.
Gnutella is an open network. Yes, we do need to do something about read-only clients, but I think it should be up to the people to decide what gets done. Provide the users with the appropriate filters and let the majority determine what behavior is good vs. bad.
Shaun
The story as I understand it is that Rodentia was hired by Mark Rice to spam for certain stocks. When Rice wrote the spam text, he bragged about his (bogus) surefire history at picking stocks, and made other possibly false claims about the stocks and his investment prowess. In addition, the spam did not disclose the fact that the people doing this "promotion" stood to profit based upon reaction to the spam. There are a few standard disclaimers required by law, which you'll find at the bottom of legitimate analyses released by legitimate banks and investment firms. Forward-looking statements, yadda yadda.
The whole thing is known as a "pump 'n dump" scam; i.e. you buy a lot of shares in the company, pump up the stock price through some fraudulent or misrepresentative means, then dump the shares for a profit. It can also be done in reverse, by shorting a large number of shares and then issuing a bogus negative press release to drive the stock price down - look at what a single negative press release did to shares of ImClone, the company Martha Stewart got caught up in, and you'll get a feel for what a single statement can do to a stock (though obviously the ImClone release was valid). Typically the perpetrator will target a company you've never heard of, whose stock is trading OTC for fractions of a cent per share; that way the up-front cost is low and the risk is negligible if anything backfires.
It's very illegal, and this is what the SEC is going after them for. While the phenomenon was much more widespread during the dot com stock boom, it's still going on today and likely always will be. If you receive "pump 'n dump" spam, please forward it to enforcement [at] sec.gov.
Shaun
>Requires an administrator to restart it? Do they mean it basically crashes
e l l32.dll,SHExitWindowsEx+5
>and has to be rebooted?
Probably, yes. I don't know what exactly Mullen is doing, but I suspect it's similar to one of the "return fire" solutions I've implemented:
HTTP requests for default.ida (of Code Red fame) are redirected to a PHP script via Apache rewrite directives. That script pulls the REMOTE_ADDR environmental variable, which contains the IP address of the infected machine, then sends two requests back to that host:
http://$host/scripts/root.exe?/c+iisreset+/stop
http://$host/scripts/root.exe?/c+rundll32.exe+sh
If you're so inclined, you could use root.exe to do something more conspicuous in the hopes of alerting the user to the problem. For example, instead of shutting down the remote machine, you could create some directories named @ATTENTION_ADMINISTRATOR and @YOUR_COMPUTER_IS_INFECTED_WITH_A_VIRUS in the C drive. That's bound to get someone's attention eventually.
Shaun